package blended.security.ssl.internal;

import blended.security.ssl.CertificateProvider;
import blended.security.ssl.ServerCertificate;
import blended.security.ssl.ServerCertificate$;
import blended.security.ssl.X509CertificateInfo;
import blended.security.ssl.X509CertificateInfo$;
import domino.capsule.Capsule;
import domino.capsule.CapsuleContext;
import domino.capsule.CapsuleConvenience;
import domino.capsule.CapsuleScope;
import domino.service_providing.ProvidableService;
import domino.service_providing.ServiceProviding;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLContext;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Function0;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.Iterable$;
import scala.collection.TraversableLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.duration.package;
import scala.math.Ordering$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.reflect.api.Mirror;
import scala.reflect.api.TypeCreator;
import scala.reflect.api.Types;
import scala.reflect.api.Universe;
import scala.reflect.runtime.package$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: CertificateManager.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Ue\u0001B\u0001\u0003\u0001-\u0011!cQ3si&4\u0017nY1uK6\u000bg.Y4fe*\u00111\u0001B\u0001\tS:$XM\u001d8bY*\u0011QAB\u0001\u0004gNd'BA\u0004\t\u0003!\u0019XmY;sSRL(\"A\u0005\u0002\u000f\tdWM\u001c3fI\u000e\u00011#\u0002\u0001\r%ii\u0002CA\u0007\u0011\u001b\u0005q!\"A\b\u0002\u000bM\u001c\u0017\r\\1\n\u0005Eq!AB!osJ+g\r\u0005\u0002\u001415\tAC\u0003\u0002\u0016-\u000591-\u00199tk2,'\"A\f\u0002\r\u0011|W.\u001b8p\u0013\tIBCA\u0004DCB\u001cX\u000f\\3\u0011\u0005MY\u0012B\u0001\u000f\u0015\u0005I\u0019\u0015\r]:vY\u0016\u001cuN\u001c<f]&,gnY3\u0011\u0005y\tS\"A\u0010\u000b\u0005\u00012\u0012!E:feZL7-Z0qe>4\u0018\u000eZ5oO&\u0011!e\b\u0002\u0011'\u0016\u0014h/[2f!J|g/\u001b3j]\u001eD\u0001\u0002\n\u0001\u0003\u0006\u0004%\t%J\u0001\u000eEVtG\r\\3D_:$X\r\u001f;\u0016\u0003\u0019\u0002\"a\n\u0018\u000e\u0003!R!!\u000b\u0016\u0002\u0013\u0019\u0014\u0018-\\3x_J\\'BA\u0016-\u0003\u0011y7oZ5\u000b\u00035\n1a\u001c:h\u0013\ty\u0003FA\u0007Ck:$G.Z\"p]R,\u0007\u0010\u001e\u0005\tc\u0001\u0011\t\u0011)A\u0005M\u0005q!-\u001e8eY\u0016\u001cuN\u001c;fqR\u0004\u0003\u0002C\u001a\u0001\u0005\u000b\u0007I\u0011\t\u001b\u0002\u001d\r\f\u0007o];mK\u000e{g\u000e^3yiV\tQ\u0007\u0005\u0002\u0014m%\u0011q\u0007\u0006\u0002\u000f\u0007\u0006\u00048/\u001e7f\u0007>tG/\u001a=u\u0011!I\u0004A!A!\u0002\u0013)\u0014aD2baN,H.Z\"p]R,\u0007\u0010\u001e\u0011\t\u0011m\u0002!\u0011!Q\u0001\nq\n1a\u00194h!\tid(D\u0001\u0003\u0013\ty$A\u0001\rDKJ$\u0018NZ5dCR,W*\u00198bO\u0016\u00148i\u001c8gS\u001eD\u0001\"\u0011\u0001\u0003\u0002\u0003\u0006IAQ\u0001\faJ|g/\u001b3fe6\u000b\u0007\u000f\u0005\u0003D\u00156\u0003fB\u0001#I!\t)e\"D\u0001G\u0015\t9%\"\u0001\u0004=e>|GOP\u0005\u0003\u0013:\ta\u0001\u0015:fI\u00164\u0017BA&M\u0005\ri\u0015\r\u001d\u0006\u0003\u0013:\u0001\"a\u0011(\n\u0005=c%AB*ue&tw\r\u0005\u0002R%6\tA!\u0003\u0002T\t\t\u00192)\u001a:uS\u001aL7-\u0019;f!J|g/\u001b3fe\")Q\u000b\u0001C\u0001-\u00061A(\u001b8jiz\"Ra\u0016-Z5n\u0003\"!\u0010\u0001\t\u000b\u0011\"\u0006\u0019\u0001\u0014\t\u000bM\"\u0006\u0019A\u001b\t\u000bm\"\u0006\u0019\u0001\u001f\t\u000b\u0005#\u0006\u0019\u0001\"\t\ru\u0003\u0001\u0015!\u0003_\u0003\rawn\u001a\t\u0003?\nl\u0011\u0001\u0019\u0006\u0003C2\nQ\u0001\\8hiML!a\u00191\u0003\r1{wmZ3s\u0011\u0019)\u0007\u0001)A\u0005M\u0006aQ.\u001b7mSN\u0004VM\u001d#bsB\u0011QbZ\u0005\u0003Q:\u0011A\u0001T8oO\"A!\u000e\u0001ECB\u0013%1.\u0001\u0005lKf\u001cFo\u001c:f+\u0005a\u0007cA7qe6\taN\u0003\u0002p\u001d\u0005!Q\u000f^5m\u0013\t\thNA\u0002Uef\u0004\"!P:\n\u0005Q\u0014!AD*feZ,'oS3z'R|'/\u001a\u0005\u0006m\u0002!\ta^\u0001\fO\u0016$8*Z=ti>\u0014X\rF\u0001s\u0011\u0019I\b\u0001\"\u0001\u0003u\u0006Q\"/Z4jgR,'oU:m\u0007>tG/\u001a=u!J|g/\u001b3feR\u00111P \t\u0003'qL!! \u000b\u0003\u0019\r\u000b\u0007o];mKN\u001bw\u000e]3\t\r}D\b\u0019AA\u0001\u0003\tY7\u000f\u0005\u0003\u0002\u0004\u0005-QBAA\u0003\u0015\r9\u0011q\u0001\u0006\u0003\u0003\u0013\tAA[1wC&!\u0011QBA\u0003\u0005!YU-_*u_J,\u0007bBA\t\u0001\u0011\u0005\u00111C\u0001\u0006gR\f'\u000f\u001e\u000b\u0003\u0003+\u00012!DA\f\u0013\r\tIB\u0004\u0002\u0005+:LG\u000fC\u0004\u0002\u001e\u0001!\t%a\u0005\u0002\tM$x\u000e\u001d\u0005\b\u0003C\u0001A\u0011AA\u0012\u0003YqW\r\u001f;DKJ$\u0018NZ5dCR,G+[7f_V$HCAA\u0013!\u0011\t9#a\u000b\u000e\u0005\u0005%\"bA8\u0002\b%!\u0011QFA\u0015\u0005\u0011!\u0015\r^3\t\u0011\u0005E\u0002\u0001)C\u0005\u0003g\tA\u0002\\8bI.+\u0017p\u0015;pe\u0016$\u0012\u0001\u001c\u0005\b\u0003o\u0001A\u0011AA\u001d\u0003E\u0019\u0007.Z2l\u0007\u0016\u0014H/\u001b4jG\u0006$Xm\u001d\u000b\u0003\u0003w\u0001B!\u001c9\u0002>A1Q\"a\u0010s\u0003\u0007J1!!\u0011\u000f\u0005\u0019!V\u000f\u001d7feA)\u0011QIA(\u001b:!\u0011qIA&\u001d\r)\u0015\u0011J\u0005\u0002\u001f%\u0019\u0011Q\n\b\u0002\u000fA\f7m[1hK&!\u0011\u0011KA*\u0005\u0011a\u0015n\u001d;\u000b\u0007\u00055c\u0002\u0003\u0005\u0002X\u0001\u0001K\u0011BA-\u00039)\b\u000fZ1uK.+\u0017p\u001d;pe\u0016$r\u0001\\A.\u0003;\ni\u0007C\u0004��\u0003+\u0002\r!!\u0001\t\u0011\u0005}\u0013Q\u000ba\u0001\u0003C\nA\"\u001a=jgRLgnZ\"feR\u0004R!DA2\u0003OJ1!!\u001a\u000f\u0005\u0019y\u0005\u000f^5p]B\u0019\u0011+!\u001b\n\u0007\u0005-DAA\tTKJ4XM]\"feRLg-[2bi\u0016D\u0001\"a\u001c\u0002V\u0001\u0007\u0011\u0011O\u0001\bG\u0016\u0014Ho\u00114h!\ri\u00141O\u0005\u0004\u0003k\u0012!!E\"feRLg-[2bi\u0016\u001cuN\u001c4jO\"A\u0011\u0011\u0010\u0001!\n\u0013\tY(\u0001\u0007tCZ,7*Z=Ti>\u0014X\r\u0006\u0003\u0002~\u0005}\u0004\u0003B7q\u0003\u0003Aqa`A<\u0001\u0004\t\t\u0001\u0003\u0005\u0002\u0004\u0002\u0001K\u0011BAC\u0003a)\u0007\u0010\u001e:bGR\u001cVM\u001d<fe\u000e+'\u000f^5gS\u000e\fG/\u001a\u000b\u0007\u0003\u000f\u000bI)a#\u0011\t5\u0004\u0018\u0011\r\u0005\b\u007f\u0006\u0005\u0005\u0019AA\u0001\u0011!\ty'!!A\u0002\u0005E\u0004\u0002CAH\u0001\u0001&I!!%\u0002\u001dM,'O^3s\u0017\u0016L8\u000f^8sKR\u0019A.a%\t\u000f}\fi\t1\u0001\u0002\u0002\u0001")
/* loaded from: input_file:blended/security/ssl/internal/CertificateManager.class */
public class CertificateManager implements Capsule, CapsuleConvenience, ServiceProviding {
    private Try<ServerKeyStore> keyStore;
    private final BundleContext bundleContext;
    private final CapsuleContext capsuleContext;
    private final CertificateManagerConfig cfg;
    private final Map<String, CertificateProvider> providerMap;
    public final Logger blended$security$ssl$internal$CertificateManager$$log;
    private final long millisPerDay;
    private volatile boolean bitmap$0;

    public <S> ProvidableService<S> serviceToProvidableService(S s) {
        return ServiceProviding.serviceToProvidableService$(this, s);
    }

    public void onStart(Function0<BoxedUnit> function0) {
        CapsuleConvenience.onStart$(this, function0);
    }

    public void onStop(Function0<BoxedUnit> function0) {
        CapsuleConvenience.onStop$(this, function0);
    }

    public BundleContext bundleContext() {
        return this.bundleContext;
    }

    public CapsuleContext capsuleContext() {
        return this.capsuleContext;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [blended.security.ssl.internal.CertificateManager] */
    private Try<ServerKeyStore> keyStore$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.keyStore = loadKeyStore();
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.keyStore;
    }

    private Try<ServerKeyStore> keyStore() {
        return !this.bitmap$0 ? keyStore$lzycompute() : this.keyStore;
    }

    public ServerKeyStore getKeystore() {
        return (ServerKeyStore) keyStore().get();
    }

    public CapsuleScope registerSslContextProvider(KeyStore keyStore) {
        return capsuleContext().executeWithinNewCapsuleScope(() -> {
            this.blended$security$ssl$internal$CertificateManager$$log.debug("Registering SslContextProvider type=client and type=server");
            SslContextProvider sslContextProvider = new SslContextProvider(keyStore, this.cfg.keyPass().toCharArray());
            SSLContext.setDefault(sslContextProvider.serverContext());
            final CertificateManager certificateManager = null;
            ServiceRegistration providesService = this.serviceToProvidableService(sslContextProvider.clientContext()).providesService(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("type"), "client")})), package$.MODULE$.universe().TypeTag().apply(package$.MODULE$.universe().runtimeMirror(CertificateManager.class.getClassLoader()), new TypeCreator(certificateManager) { // from class: blended.security.ssl.internal.CertificateManager$$typecreator1$1
                public <U extends Universe> Types.TypeApi apply(Mirror<U> mirror) {
                    mirror.universe();
                    return mirror.staticClass("javax.net.ssl.SSLContext").asType().toTypeConstructor();
                }
            }), ClassTag$.MODULE$.apply(SSLContext.class));
            final CertificateManager certificateManager2 = null;
            ServiceRegistration providesService2 = this.serviceToProvidableService(sslContextProvider.serverContext()).providesService(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("type"), "server")})), package$.MODULE$.universe().TypeTag().apply(package$.MODULE$.universe().runtimeMirror(CertificateManager.class.getClassLoader()), new TypeCreator(certificateManager2) { // from class: blended.security.ssl.internal.CertificateManager$$typecreator2$1
                public <U extends Universe> Types.TypeApi apply(Mirror<U> mirror) {
                    mirror.universe();
                    return mirror.staticClass("javax.net.ssl.SSLContext").asType().toTypeConstructor();
                }
            }), ClassTag$.MODULE$.apply(SSLContext.class));
            this.onStop(() -> {
                this.blended$security$ssl$internal$CertificateManager$$log.debug("Unregistering SslContextProvider type=client and type=server");
                Try$.MODULE$.apply(() -> {
                    providesService.unregister();
                });
                Try$.MODULE$.apply(() -> {
                    providesService2.unregister();
                });
            });
        });
    }

    public void start() {
        Tuple2 tuple2;
        Failure checkCertificates = checkCertificates();
        if (checkCertificates instanceof Failure) {
            Throwable exception = checkCertificates.exception();
            this.blended$security$ssl$internal$CertificateManager$$log.error("Could not initialise Server certificate(s)");
            throw exception;
        }
        if (!(checkCertificates instanceof Success) || (tuple2 = (Tuple2) ((Success) checkCertificates).value()) == null) {
            throw new MatchError(checkCertificates);
        }
        ServerKeyStore serverKeyStore = (ServerKeyStore) tuple2._1();
        this.blended$security$ssl$internal$CertificateManager$$log.info("Successfully obtained Server Certificate(s) for SSLContext");
        CapsuleScope registerSslContextProvider = registerSslContextProvider(serverKeyStore.keyStore());
        Some refresherConfig = this.cfg.refresherConfig();
        if (None$.MODULE$.equals(refresherConfig)) {
            this.blended$security$ssl$internal$CertificateManager$$log.debug("No configuration for automatic certificate refresh found");
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!(refresherConfig instanceof Some)) {
                throw new MatchError(refresherConfig);
            }
            capsuleContext().addCapsule(new CertificateRefresher(bundleContext(), this, (RefresherConfig) refresherConfig.value(), registerSslContextProvider));
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
    }

    public void stop() {
    }

    public Date nextCertificateTimeout() {
        return getKeystore().serverCertificates().values().isEmpty() ? new Date() : (Date) ((TraversableOnce) getKeystore().serverCertificates().values().map(serverCertificate -> {
            return ((X509Certificate) serverCertificate.chain().head()).getNotAfter();
        }, Iterable$.MODULE$.canBuildFrom())).min(Ordering$.MODULE$.ordered(Predef$.MODULE$.$conforms()));
    }

    private Try<ServerKeyStore> loadKeyStore() {
        if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
            this.blended$security$ssl$internal$CertificateManager$$log.info(new StringBuilder(55).append("Initializing key store [").append(this.cfg.keyStore()).append("] for server certificate(s) ...").toString());
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        File file = new File(this.cfg.keyStore());
        if (file.exists()) {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                keyStore.load(fileInputStream, this.cfg.storePass().toCharArray());
                fileInputStream.close();
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } catch (Throwable th) {
                fileInputStream.close();
                throw th;
            }
        } else {
            if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
                this.blended$security$ssl$internal$CertificateManager$$log.info("Creating empty key store  ...");
            }
            keyStore.load(null, this.cfg.storePass().toCharArray());
            saveKeyStore(keyStore);
        }
        return serverKeystore(keyStore);
    }

    public Try<Tuple2<ServerKeyStore, List<String>>> checkCertificates() {
        return Try$.MODULE$.apply(() -> {
            ServerKeyStore serverKeyStore = (ServerKeyStore) this.keyStore().get();
            return new Tuple2(serverKeyStore, this.blended$security$ssl$internal$CertificateManager$$changedAliases$1(this.cfg.certConfigs(), List$.MODULE$.empty(), serverKeyStore).get());
        });
    }

    private Try<ServerKeyStore> updateKeystore(KeyStore keyStore, Option<ServerCertificate> option, CertificateConfig certificateConfig) {
        return Try$.MODULE$.apply(() -> {
            if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
                this.blended$security$ssl$internal$CertificateManager$$log.info(new StringBuilder(53).append("Aquiring new certificate from certificate provider [").append(certificateConfig.provider()).append("]").toString());
            }
            CertificateProvider certificateProvider = (CertificateProvider) this.providerMap.get(certificateConfig.provider()).get();
            Failure refreshCertificate = certificateProvider.refreshCertificate(option, certificateConfig.cnProvider());
            if (refreshCertificate instanceof Failure) {
                Throwable exception = refreshCertificate.exception();
                this.blended$security$ssl$internal$CertificateManager$$log.error("Could not update keystore", exception);
                throw exception;
            }
            if (!(refreshCertificate instanceof Success)) {
                throw new MatchError(refreshCertificate);
            }
            ServerCertificate serverCertificate = (ServerCertificate) ((Success) refreshCertificate).value();
            X509CertificateInfo apply = X509CertificateInfo$.MODULE$.apply((X509Certificate) serverCertificate.chain().head());
            if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
                this.blended$security$ssl$internal$CertificateManager$$log.info(new StringBuilder(65).append("Successfully obtained certificate from certificate provider [").append(certificateProvider).append("] : ").append(apply).toString());
            }
            keyStore.setKeyEntry(certificateConfig.alias(), serverCertificate.keyPair().getPrivate(), this.cfg.keyPass().toCharArray(), (Certificate[]) serverCertificate.chain().toArray(ClassTag$.MODULE$.apply(Certificate.class)));
            this.saveKeyStore(keyStore).get();
            return (ServerKeyStore) this.serverKeystore(keyStore).get();
        });
    }

    private Try<KeyStore> saveKeyStore(KeyStore keyStore) {
        return Try$.MODULE$.apply(() -> {
            FileOutputStream fileOutputStream = new FileOutputStream(this.cfg.keyStore());
            try {
                keyStore.store(fileOutputStream, this.cfg.storePass().toCharArray());
                if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
                    this.blended$security$ssl$internal$CertificateManager$$log.info(new StringBuilder(63).append("Successfully written modified key store to [").append(this.cfg.keyStore()).append("] with storePass [").append(this.cfg.storePass()).append("]").toString());
                }
                return keyStore;
            } finally {
                fileOutputStream.close();
            }
        });
    }

    private Try<Option<ServerCertificate>> extractServerCertificate(KeyStore keyStore, CertificateConfig certificateConfig) {
        return Try$.MODULE$.apply(() -> {
            return Option$.MODULE$.apply(keyStore.getCertificateChain(certificateConfig.alias())).map(certificateArr -> {
                Certificate certificate = keyStore.getCertificate(certificateConfig.alias());
                return (ServerCertificate) ServerCertificate$.MODULE$.create(new KeyPair(certificate.getPublicKey(), (PrivateKey) keyStore.getKey(certificateConfig.alias(), this.cfg.keyPass().toCharArray())), new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(certificateArr)).toList()).get();
            });
        });
    }

    private Try<ServerKeyStore> serverKeystore(KeyStore keyStore) {
        return Try$.MODULE$.apply(() -> {
            return new ServerKeyStore(keyStore, ((TraversableOnce) ((TraversableLike) this.cfg.certConfigs().map(certificateConfig -> {
                return new Tuple2(certificateConfig.alias(), this.extractServerCertificate(keyStore, certificateConfig).get());
            }, List$.MODULE$.canBuildFrom())).filter(tuple2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$serverKeystore$3(tuple2));
            })).toMap(Predef$.MODULE$.$conforms()).mapValues(option -> {
                return (ServerCertificate) option.get();
            }));
        });
    }

    public final Try blended$security$ssl$internal$CertificateManager$$changedAliases$1(List list, List list2, ServerKeyStore serverKeyStore) {
        return Try$.MODULE$.apply(() -> {
            List list3;
            List list4;
            List list5;
            if (Nil$.MODULE$.equals(list)) {
                list4 = list2;
            } else {
                if (!(list instanceof $colon.colon)) {
                    throw new MatchError(list);
                }
                $colon.colon colonVar = ($colon.colon) list;
                CertificateConfig certificateConfig = (CertificateConfig) colonVar.head();
                List tl$access$1 = colonVar.tl$access$1();
                Some some = (Option) this.extractServerCertificate(serverKeyStore.keyStore(), certificateConfig).get();
                if (some instanceof Some) {
                    long time = X509CertificateInfo$.MODULE$.apply((X509Certificate) ((ServerCertificate) some.value()).chain().head()).notAfter().getTime() - System.currentTimeMillis();
                    if (time <= certificateConfig.minValidDays() * this.millisPerDay) {
                        if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
                            this.blended$security$ssl$internal$CertificateManager$$log.info(new StringBuilder(67).append("Certificate [").append(certificateConfig.alias()).append("] is about to expire in ").append(time / this.millisPerDay).append(" days...refreshing certificate").toString());
                        }
                        this.updateKeystore(serverKeyStore.keyStore(), some, certificateConfig).recoverWith(new CertificateManager$$anonfun$$nestedInanonfun$checkCertificates$2$1(this, serverKeyStore, list2, certificateConfig, tl$access$1));
                        list5 = (List) this.blended$security$ssl$internal$CertificateManager$$changedAliases$1(tl$access$1, list2.$colon$colon(certificateConfig.alias()), serverKeyStore).get();
                    } else {
                        if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
                            this.blended$security$ssl$internal$CertificateManager$$log.info(new StringBuilder(37).append("Server certificate [").append(certificateConfig.alias()).append("] is still valid.").toString());
                        }
                        list5 = (List) this.blended$security$ssl$internal$CertificateManager$$changedAliases$1(tl$access$1, list2, serverKeyStore).get();
                    }
                    list3 = list5;
                } else {
                    if (!None$.MODULE$.equals(some)) {
                        throw new MatchError(some);
                    }
                    if (this.blended$security$ssl$internal$CertificateManager$$log.isInfoEnabled()) {
                        this.blended$security$ssl$internal$CertificateManager$$log.info(new StringBuilder(45).append("Certificate with alias [").append(certificateConfig.alias()).append("] does not yet exist.").toString());
                    }
                    this.updateKeystore(serverKeyStore.keyStore(), None$.MODULE$, certificateConfig);
                    list3 = (List) this.blended$security$ssl$internal$CertificateManager$$changedAliases$1(tl$access$1, list2.$colon$colon(certificateConfig.alias()), serverKeyStore).get();
                }
                list4 = list3;
            }
            return list4;
        });
    }

    public static final /* synthetic */ boolean $anonfun$serverKeystore$3(Tuple2 tuple2) {
        return ((Option) tuple2._2()).isDefined();
    }

    public CertificateManager(BundleContext bundleContext, CapsuleContext capsuleContext, CertificateManagerConfig certificateManagerConfig, Map<String, CertificateProvider> map) {
        this.bundleContext = bundleContext;
        this.capsuleContext = capsuleContext;
        this.cfg = certificateManagerConfig;
        this.providerMap = map;
        CapsuleConvenience.$init$(this);
        ServiceProviding.$init$(this);
        this.blended$security$ssl$internal$CertificateManager$$log = LoggerFactory.getLogger(CertificateManager.class);
        this.millisPerDay = new package.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).day().toMillis();
    }
}
